We brought together a team of experts and wrote the definitive guide to everything you need to know about threat intelligence. Whether you work in vulnerability management, incident response, or another part of cybersecurity, our book has something for you. Get your free copy of “The Threat Intelligence Handbook” now.
For more, see our daily update on COVID-19 and the cybersecurity community.
Reuters reports that German authorities have issued a warrant for the arrest of Dmitry Badin, a GRU operator wanted in connection with a 2015 hack of the Bundestag.
Researchers at Intezer have identified a new Linux-based botnet they're calling "Kaiji." It's apparently the work of a developer in China, and it's designed to infect IoT devices in order to herd them into a botnet adapted to distributed denial-of-service attacks. ZDNet reports that Kaiji gains access to targeted devices via SSH brute-force attacks.
Pen Test Partners say they've demonstrated a disturbing proof-of-concept: a "crying wolf" attack against commercial aviation's Traffic Alert & Collision Avoidance System (TCAS). It's possible to induce "ghost contacts" in the system, and some aircraft might automatically respond to such false reports by altering course. The potential risk to flight safety is obvious. Threatpost points out that the ghosts won't show up on radar, and that pilots may well trust, probably will trust, radar more than TCAS, but the proof-of-concept remains troubling nonetheless.
Cryptominers continue to exploit vulnerabilities in the Salt remote task and configuration framework. ComputerWeekly writes that Xen Orchestra users have been affected, as have users of the Ghost blogging platform. The Register reports that DigiCert has also been affected.
Roblox user data have been compromised in ways that enable the attacker not only to access personal information, but to dispense in-game currency. WIRED says the attacker bribed a Roblox insider to provide access, and then sought to claim a bug bounty from the game company.
Today's issue includes events affecting Australia, Canada, China, European Union, France, Germany, India, Italy, New Zealand, Russia, United Kingdom, United States
Malicious Office macros remain a significant carrier of malicious payloads.
"Well, there are a lot of sort of an enterprise Excel or Office artists, I call them, that come up with fairly complex spreadsheets and such that use these macros to even pull in values from APIs and such. So, yes, they exist. And that's where the hard part here for these - for the security guys that do - to filter out the right macros, like in this case. Now, the user actually expected a document like this, and that makes it really difficult. In particular, if you're talking about more targeted attacks or these busy email compromises, where an attacker already has insight into some of the emails being exchanged, then you can figure out who is the guy sending those weird macros and maybe add even code to it."
—Johannes Ullrich, dean of research at the SANS Technology Institute and host of the ISC StormCast podcast, on the CyberWire's Daily Podcast, 5.1.20.
Still a problem, even if not crazy, after all these years.
If you're interested in space and communications (technology, policy, business, and operations), take a look at the latest issue of Cosmic AES Signals & Space. Produced in partnership with the CyberWire, Signals & Space offers a monthly overview of news in this sector.
Looking to advance your cybersecurity career? Then the Georgetown University Master's in Cybersecurity Risk Management is for you. Ideal for working professionals, our program offers flexible options to take classes online, on campus, or through a combination of both—so you don’t have to interrupt your career to earn your degree. You'll leave the program with the expertise you need to effectively manage risks and navigate today’s increasingly complex cyber threats. Learn more.
In today's CyberWire Daily Podcast, out later this afternoon, we speak with our partners at the University of Maryland's Center for Health and Homeland Security, as Ben Yelin discusses a question in intellectual property law: AI inventions and their pending patents. Our guest is Matt Glenn from Illumio, on why companies should break up with their firewalls.
Recorded Future's threat intelligence podcast, produced in partnership with the CyberWire, is up. In this week's episode, "Promoting International Understanding and Trust," they speak with Mihoko Matsubara, chief cybersecurity strategist at NTT Corporation in Tokyo, where she’s responsible for cybersecurity thought leadership. The conversation explores the different approaches to cybersecurity seen in Japan, and the impact those cultural differences have on that nation’s security. We’ll also learn more about Mihoko’s efforts to bridge that gap of understanding, and to help build trust and safety around the world.
In this week's episode of CSO Perspectives, "Dark web and TOR: What kind of intelligence can you find there?" the CyberWire's CSO Rick Howard discusses counterintelligence operations by commercial vendors on the dark web, and the kinds of intelligence that can be found there.
